I have three ASP.Net applications and I want them to share their user status (Anonymous, LoggedIn). For this I use a custom Membership provider which lets me manage my users database effectively. But...
How can I authenticate a user in one of this applications AND let the other two applications know who is authenticated ?
(like Google does with GMail, Google Reader, Google Calendar...)
PS: Remember I use Membership Provider and Login Controls as well.
Jump to PostIN THIS CASE COOKIES IS THE BEST. FOR AN EXAMPLE YOU CAN VISIT THE BELOW LINK:
http://shawpnendu.blogspot.com/2009/04/passing-dataparametersvalues-from-one.html
IN THIS CASE COOKIES IS THE BEST. FOR AN EXAMPLE YOU CAN VISIT THE BELOW LINK:
http://shawpnendu.blogspot.com/2009/04/passing-dataparametersvalues-from-one.html
I think the generic description for this is single sign on, there are several ways to achieve it, some are more secure than others, essentially google is using cookies combined with a check that the user is allowed access to a particular application.
By default ASP.NET authentication uses an auth cookie to handle authentication to a site, but to achieve single sign on you will need to automatically create a new authentication cookie for each application a user accesses.
One way to do this could be to have the links to your other applications as link buttons, then add logic to the link button click like:
1. Check the user is authenticated in the current application.
2. Generate a random GUID for this user and save it to an auth table in the DB
3. Send the user to the next app with the GUID on the query string
4. check the guid against the database (the same query will delete this GUID and any old GUID's left in the table e.g. when someone cancels the navigation).
5. authenticate the user for the new application
the same authentication check in the new application could also check that the user has access to the new application.
There are many ways to achieve the same thing, but this method is pretty secure.
I have found some really great articles about this subject at CodeProject. Check this out:
http://www.codeproject.com/KB/aspnet/SingleSignon.aspx
http://www.codeproject.com/KB/web-security/CrossDomainAuthentication.aspx
Thanks to all of you for your answers, they help to clarify what my problem was.
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.